Forum Discussion

Andy_304337's avatar
Aug 07, 2017

tcpdump to capture irule processing

Hey All

 

A quick question, tcpdump helps capture packets going in & out on an IP configured part of the Big-IP config. Do we have a specific syntax of tcpdump which can be used to see how an irule is processing traffic / redirecting traffic to certain pool.

 

This is in respect irule for Exchange F5 config which does involve irule directing the traffic to certain pool based on service call ( oab /rpc / ews /autodiscover /) .

 

Please let me know your inputs/suggestions /thoughts

 

  • I aint sure that there's one as Irule deals with events,condition and action.

    You can use

    log local0. "your statement to see if its executed"
    .

  • this article show how to enable extra information in the tcpdump: https://support.f5.com/csp/article/K13637

     

    will this do what you want, i doubt it. i also don't see how that would work, from a tcpdump output point of view i don't see where should information would belong.

     

  • P_K's avatar
    P_K
    Icon for Altostratus rankAltostratus
    1. It depends on how often that irule is running. log local0. logs to your local appliance which will have the slightest possible impact. I wouldn't worry about this.
    2. yes.. you should see logs at /var/log/ltm or from GUI.( System -> Logs -> Local traffic)
    3. Nothing specific.
    4. Not that i know of. But you will do see redirects in the TCPDUMP by enabling advanced options.